H3C Technologies H3C SecPath F1000-E User Manual
Page 627
7
From the navigation tree, select Intrusion Detection > Traffic Abnormality > SYN Flood to
enter the SYN flood detection configuration page, as shown in
. You can select a security zone
and then view and configure SYN flood detection rules for the security zone.
Figure 7 SYN flood detection configuration page
Do the following to configure SYN flood detection:
1.
In the Attack Prevention Policy area, specify the protection actions to be taken upon
detection of a SYN flood attack. If you do not select any option, the device only collects SYN
flood attack statistics. The available protection actions include:
•
Discard detected attack packets. If detecting that a protected object in the security zone is under
SYN flood attack, the device drops the TCP connection requests to the protected host to block
subsequent TCP connections.
•
Add protected IP entry to TCP Proxy: If detecting that a protected object in the security zone is
under SYN flood attack, the device adds the target IP address to the protected IP list on the TCP
proxy as a dynamic one, setting the port number as any. If TCP proxy is configured for the security
zone, all TCP connection requests to the IP address will be processes by the TCP proxy until the
protected IP entry gets aged out. Note that if you select this option, you are recommended to
configure the TCP proxy feature on the page you can enter after selecting Intrusion Detection
> TCP Proxy.
2.
In the SYN Flood Configuration area, view the configured SYN flood detection rules, or click
Add to enter the page shown in
to configure a SYN flood detection rule.